In 2007, supported by an extraordinary team of family, friends, and medical staff, I stomped the snot out of a nasty cancer that was on its way to killing me. I've since learned that the way I did it has a lot in common with the advice of the "e-patients" movement, so I've changed my blogger name from Patient Dave to e-Patient Dave.

Tuesday, May 20, 2008

There's a lot of talk this week about the launch of Google Health. As much as I love everything online, I have grave concerns about this. I wrote about it here in January, speaking on general principle. But now that the thing is finally launched, the full terms of service are out (the fine print), and my concerns are even greater.

#1 on my list is that due to some legalese (Google itself isn't a healthcare provider), Google Health is not subject to HIPAA privacy regulations. Google isn't required to observe HIPAA protections to keep your data private, and there are no legal consequences if they don't.

Of greater concern is that the whole point of Google Health is that they send your information to others you select, at which point the data is completely out of Google's control.

And that doesn't begin to get into the sociological / political concerns I raised in January - questions of what to do when Google says "Really, just trust us" in the absence of any policing.

Slashdot (a well known tech blog): Google Health opens to the public. Those people are no fools, they have lots of experience with Google (for better and worse), and they have fun attitude. Some of them are pointing out that HIPAA obviously needs a major overhaul.

I'm so concerned about this that I've written my concerns on the blogs of my hospital's CEO and his CIO (top computer guy). The CIO is on the advisory council for the whole Google Health initiative, and I really want to know why they think the privacy issue (which is enforced on everyone else who touches your data) isn't a concern with Google.

Let's hope it turns out there's actually no privacy concern. Then all we'd have to worry about is whether to trust Google in the first place, given their track record as I've described below.